Permit

Hey Lukas, 
Yeah I’m familiar with OCP strict SCC policy, I’ll look into it and will update you with a solution.

Hey <@U04H3T9TXLN>,
Here’s a nice guide of how to allow different kind of UIDs in your ocp cluster.
`opal`  user uid is 1000.
Lmk how I can help you more with this :slightly_smiling_face:

<https://cookbook.openshift.org/users-and-role-based-access-control/how-can-i-enable-an-image-to-run-as-a-set-user-id.html>

thx. That would require a new SCC which I'm trying to avoid :slightly_smiling_face:

I got it running now but I had to extend the image like:

FROM permitio/opal-server:0.4.0-rc1

RUN chmod g+w /opal

and then set:

securityContext:
          runAsGroup: 1000

in the container spec

Not having to do the Dockerfile would have been great :slightly_smiling_face:

I understand, this is a nice fix for OCP but I think  it’s not recommended to set `/opal` dir with these permissions as default.

Also, I recommend you to use the latest tag of opal-server

got it. maybe i can change the jwks_dir path